01-14-2019 07:14 AM - edited 03-12-2019 07:13 AM
Hi all,
I've searched the internet high and low and cant find a definite answer to this one. With the old ASA's with the firepower modules is CTR+PROTECT licenses enough for the IPS to work and generate IPS events in the event viewer (adsm) or FMC? I know the signatures wont update so i guess will be stock, but i'm just after lab functionality.
I guess this will be useful to many people if somebody can confirm it.
01-14-2019 07:24 AM - edited 01-14-2019 07:36 AM
Protection Control license never expire and this will enough for IPS/IDS.
if you looking for lab site. And if i were you than I install the vFTD with FMC and use the smart lice option by clicking the smart lic it will give you 90 days demo lic with full functionality. enough time for you to learn the product. (this will include all the feature like URL, MALWARE, Pro, Control).
I guess you have a ASA5515 does come with a SFR module. i find some more information for you
01-14-2019 07:52 AM
Thankyou Sharaz,
That's some good information right there, it does not specify if you can use the IPS functionality (not updated) with the ctr+protect licenses. Do you know if you can use it and will it generate events with old sigs without the IPS license?
I didn't know about the VFTD 90 day free trial - ill have a look into that.
01-14-2019 07:56 AM
01-14-2019 07:59 AM
I mean you don't get any signature updates unless you buy the IPS license but the IPS module will work and trigger IPS events.
thanks for clarifying.
01-14-2019 08:05 AM - edited 01-14-2019 08:06 AM
Its not like that, With CONTROL+PROTECT license you can enable IPS/IDS functionalities on a ASA having Firepower module and it can get the signature updates from cisco. There is no specific IPS license in Firepower module on ASA case.
When you buy FTD you will get only the base license for firewalling you need to buy additional Threat license for the IPS/IDS functionalities
HTH
Abheesh
01-14-2019 08:19 AM
with respect @Abheesh Kumar as long as @Matthew burnley need to learn the product the short way to get his hand dirty is to install a vFTD and vFMC and play around to lean the system. this will enhance his skill in regards to firepower at layer 7 with IPS/IDS, URL and Malware. once get understand the technology he can look the rest later. this is my thoughts on this.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide